package org.xbzheng.sc.core.security;

import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.security.web.util.matcher.RequestMatcher;

import java.util.List;
import java.util.function.Consumer;
import java.util.regex.Pattern;

/**
 * Created by Administrator on 2016/7/26.
 */
public class CsrfRequestMatcher implements RequestMatcher {
    private List<String> excludeUrls;
    final Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
    public boolean matches(final javax.servlet.http.HttpServletRequest request) {
        if(excludeUrls != null && !excludeUrls.isEmpty()){
            String servletPath = request.getServletPath();
            if(StringUtils.isNotBlank(servletPath)){
                System.out.println(servletPath);
            }
            for(String url : excludeUrls){
                if(servletPath.contains(url)){
                    System.out.println("*************************");
                    return false;
                }
            }
        }
        return !allowedMethods.matcher(request.getMethod()).matches();
    }

    public List<String> getExcludeUrls() {
        return excludeUrls;
    }

    public void setExcludeUrls(List<String> excludeUrls) {
        this.excludeUrls = excludeUrls;
    }
}
